Author: thoger
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv681
Modified Files:
fc6 fc7
Log Message:
Add CVE-2007-4131 - tar directory traversal.
Update status of resolved issues.
Index: fc6
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc6,v
retrieving revision 1.242
retrieving revision 1.243
diff -u -r1.242 -r1.243
--- fc6 20 Aug 2007 16:01:57 -0000 1.242
+++ fc6 21 Aug 2007 08:39:05 -0000 1.243
@@ -15,6 +15,7 @@
CVE-2007-4225 ignore (kdebase) caused by fix to CVE-2007-3820 which we never shipped
CVE-2007-4224 ignore (kdebase) too obvious -- mouse pointer indicates script activity
CVE-2007-4211 version (dovecot, fixed 1.0.3) #251009 [since FEDORA-2007-664]
+CVE-2007-4131 VULNERABLE (tar) #253684
CVE-2007-4029 VULNERABLE (libvorbis) #250600
CVE-2007-4168 backport (libexif) #243892 [since FEDORA-2007-614]
CVE-2007-3962 ignore (gftp) multiple buffer overflows in fsplib, not on Linux
Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.75
retrieving revision 1.76
diff -u -r1.75 -r1.76
--- fc7 20 Aug 2007 16:01:57 -0000 1.75
+++ fc7 21 Aug 2007 08:39:05 -0000 1.76
@@ -14,12 +14,12 @@
CVE-2007-4400 VULNERABLE (konversation) #253545
CVE-2007-4357 ignore (firefox) status bar can be overwrittten
CVE-2007-4323 backport (denyhosts) #252291 [since FEDORA-2007-0589]
-CVE-2007-4321 VULNERABLE (fail2ban) #252290
+CVE-2007-4321 backport (fail2ban) #252290 [since FEDORA-2007-0621] version since
FEDORA-2007-1643
CVE-2007-4255 ignore (php) msql extension not shipped
CVE-2007-4251 ignore (
openoffice.org) just a crash
CVE-2007-4229 ignore (kdebase) just an ASSERT fail
-CVE-2007-4225 ignore (kdebase) caused by fix to CVE-2007-3820 which we never shipped
-CVE-2007-4224 ignore (kdebase) too obvious -- mouse pointer indicates script activity
+CVE-2007-4225 backport (kdebase) [since FEDORA-2007-1700]
+CVE-2007-4224 backport (kdebase) [since FEDORA-2007-1700]
CVE-2007-4211 version (dovecot, 1.0.3) #251008 [since FEDORA-2007-1485]
CVE-2007-4174 version (tor, fixed 0.1.2.16) [since FEDORA-2007-1674]
GENERIC-MAP-NOMATCH version (tor, fixed 0.1.2.15) #249840 [since FEDORA-2007-1674]
@@ -27,10 +27,11 @@
CVE-2007-4153 ignore (wordpress) "remote authenticated administrators"
CVE-2007-4154 ignore (wordpress) "remote authenticated administrators"
CVE-2007-4139 VULNERABLE (wordpress) #250751
+CVE-2007-4131 VULNERABLE (tar) #253684
CVE-2007-4029 VULNERABLE (libvorbis) #245991
CVE-2007-3962 ignore (gftp) multiple buffer overflows in fsplib, not on Linux
CVE-2007-3961 ignore (gftp) off-by-one error in fsplib
-CVE-2007-3852 VULNERABLE (sysstat) #252295
+CVE-2007-3852 backport (sysstat) #252295 [since FEDORA-2007-1697]
CVE-2007-3950 version (lighttpd, fixed 1.4.16) #249162 [since FEDORA-2007-1299]
CVE-2007-3949 version (lighttpd, fixed 1.4.16) #249162 [since FEDORA-2007-1299]
CVE-2007-3948 version (lighttpd, fixed 1.4.16) #249162 [since FEDORA-2007-1299]
@@ -40,7 +41,7 @@
CVE-2007-3844 VULNERABLE (firefox) #250648 "fixed on next update"
CVE-2007-3843 VULNERABLE (kernel) #246595
CVE-2007-3841 ignore (pidgin) ethically disclosed
-CVE-2007-3820 ** (kdebase) #248537
+CVE-2007-3820 backport (kdebase) #248537 [since FEDORA-2007-1700]
CVE-2007-3799 ** (php)
CVE-2007-3781 ** (mysql)
CVE-2007-3782 ** (mysql)
--
fedora-extras-commits mailing list
fedora-extras-commits(a)redhat.com
https://www.redhat.com/mailman/listinfo/fedora-extras-commits